Teenagers from Western English-speaking countries are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminals, the Network Contagion Research Institute (NCRI) has found.
A majority of these happen on social media platforms like TikTok, Snapchat, Instagram, and Wizz.
Financial sextortion, the illegal act of adults manipulating minors, or other adults, into sharing sexually suggestive content online to extort their money, is the most rapidly growing crime targeting children in the US, Canada, and Australia, a new NCRI report said.
In October 2023, the FBI reported a 1,000% increase in financial sextortion incidents in the US over the past 18 months. This prompted several US government agencies to launch a national Public Safety Alert on the explosion of the threat.
Canada and Australia are observing a similar trend, with their domestic law enforcement agencies receiving between 200 and 300 complaints per month, respectively.
Instagram, Snapchat and Wizz, Top Sextortion Platforms
According to the US National Center for Missing & Exploited Children (NCMEC), social media is the platform of choice for these sextortion schemes to unfold.
Specifically, the following three apps are the top platforms for sextortion:
- Snapchat
- Wizz
Instagram, which does not offer a feature to hide your connections, is the most common vector that sextortion criminals use to target their victims, the NCRI report said.
“Specifically, nearly all financial sextortion attacks on minors involve the screenshotting of the victim’s Instagram followers/following lists and using those lists as leverage, threatening to send the victim’s intimate photos to all these accounts,” the report said.
Snapchat is most frequently utilized to coerce victims into sending a compromising photo once the attacker has gained the trust of its victims.
“Snapchat is the preferred app by criminals because its design features provide a false sense of security to the victim that their photos will disappear and not be screenshotted,” the NCRI said.
The third social media app most used for sextortion purposes, Wizz, is also the fastest rising. This Tinder-like dating platform targeting young teenagers (13+) is owned by the French group Voodoo.
“In the Google Play Store and the App Store, dozens of minors have reported that they were coerced into producing self-generated child sexual exploitation material (SG-CSEM) and blackmailed on Wizz – alongside other child safety concerns, including a high frequency of complaints that the app is serving pornographic ads to minors,” the NCRI researchers observed.
A Voodoo spokesperson told Infosecurity the company has implemented strict security controls to avoid abusive or illegal behavior on its platform.
"We have zero tolerance for scams and inappropriate behavior of any kind on the platform, and we are constantly innovating to ensure Wizz is leading the industry on user safety. We've developed a comprehensive safety ecosystem, where all written and visual content is moderated, age verification is required, and where user-reported situations are immediately addressed.”
Nigerian Cybercriminals Behind the Surge
Almost all this sextortion activity comes from Nigeria-based cybercriminals known as ‘Yahoo Boys’, NCRI reported.
Their typical approach is to “bomb” high schools, youth sports teams and universities with fake accounts, using advanced social engineering tactics to coerce their victims into a compromising situation.
Although they are not necessarily part of a structured cybercriminal group, Yahoo Boys did start sharing their knowledge with each other.
For example, NCRI has found that they are now widely sharing sextortion scripts and instructional videos on TikTok, YouTube, and Scribd, encouraging other criminals to partake in sextortion.
The sextortion surge observed in the US, Canada and Australia is “a direct result” of this knowledge-sharing, NCRI concluded.
However, little has been shared about the individuals specifically involved in the current financial sextortion surge.
“To date, there are only three known indictments of these criminals in court records and public reporting,” said the report.
Who Are the Yahoo Boys?
The term ‘Yahoo Boys’ started to be used in the early 2000s to refer to financially motivated young Nigerians conducting phishing scams – an activity commonly called ‘yahoo yahoo’ or ‘419 fraud’ in Nigerian slang – using Yahoo.com email addresses.
They are the original ‘Nigerian Princes,’ who have shifted in recent years to conduct elderly fraud, fake job scams, and romance scams.
Despite what some reports sometimes indicate, Yahoo Boys are not part of one unified cybercriminal group but form a nebulous subculture group. Although they might share tips and tricks, they typically operate individually or structured in small groups.
This article was updated with a statement from Wizz owner Voodoo on January 31, 2024.